Forcing Johnny to login safely

  • Authors:
  • Amir Herzberg; Ronen Margulies

  • Affiliations:
  • Department of Computer Science, Bar-Ilan University, Ramat Gan, Israel. E-mails: {herzbea, margolr}@cs.biu.ac.il

  • Venue:
  • Journal of Computer Security - Research in Computer Security and Privacy: Emerging Trends
  • Year:
  • 2013

Abstract

We present the results of the first long-term user study of site-based login mechanisms which force and train users to login safely. We found that interactive site-identifying images received 70% detection rates, which is significantly better than the results received by the typical login ceremony and with passive defense indicators [in: CHI'06: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, ACM, New York, 2006, pp. 601--610; Computers & Security 28(1,2) (2009), 63--71; in: SP'07: Proceedings of the 2007 IEEE Symposium on Security and Privacy, IEEE Computer Society, Washington, 2007, pp. 51--65]. We also found that combining login bookmarks with interactive images and 'non-working' buttons/links achieved the best detection rates (82%) and overall resistance rates (93%).

We also present WAPP (Web Application Phishing-Protection), an effective server-side solution which combines the login bookmark and the interactive custom image indicators. WAPP provides two-factor and two-sided authentication.